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Claims 

1. A method of filtering data packets at a network gateway, the data packets having 
a header including a destination address and an extension header, the method 
comprising selectively blocking ones of the data packets where neither the 
destination address nor the extension header matches a predetermined address 
criterion. 

2. The method of claim 1 , wherein the address criterion is applied only to packets 
transmitted from a source node to a destination node during a corresponding 
packet data communication session. 

3. The method of claim 2, wherein the destination node has a first network address 
during a first period of the packet data communication session and a second, 
different network address during a second, subsequent period of the data 
communication session, and the source node transmits packets having the first 
network address as the destination address during the first period, and transmits 
packets having the second network address as the destination address and the 
first network address in the extension header during the second period. 

4. The method of claim 3, wherein the destination node converts packets received 
during the second period by replacing the second network address with the first 
network address before decoding the payload of the packets. 

5. The method of claim 4, wherein the extension header is a Routing Header Type 
2 extension header. 

6. The method of any one of claims 3 to 5, wherein the destination node roams 
from a first network including the first network address to a second network 
including the second network address between the first and second periods. 

7. The method of claim 2, wherein the source node has a first network address 
during a first period of the packet data communication session and a second, 
different network address during a second, subsequent period of the data 
communication session, the packets include a source address, and the source 



WO 2004/045159 



13 



PCT/GB2003/004812 



node transmits, during the first period, packets having the first network address 
as the source address and the address of the destination node as the destination 
address and transmits, during the second period, packets having the second 
network address as the source address, the address of the destination node in the 
extension header and, as the destination address, the address of a forwarding 
agent which forwards the packets to the destination node. 

8. The method of claim 7, wherein a payload of the packets transmitted by the 
source node during the second period contains the address of the destination 
node. 

9. The method of claim 7 or 8, wherein the source node roams from a first network 
including the first network address to a second network including the second 
network address between the first and second periods. 

10. The method of any one of claims 3, 7 or 8, wherein one or more intermediate 
nodes, through which the packets are routed between the source node and the 
destination node, read information in the extension header. 

11. The method of claim 10, wherein the extension header is a Hop-by-Hop Options 
extension header. 

12. A method of filtering data packets at a network gateway, the data packets having 
a header including a destination address, the method comprising selectively 
blocking ones of the data packets where the destination address does not meet a 
destination address criterion or a forwarding agent criterion which defines an 
address of at least one forwarding agent which forwards packets addressed to the 
forwarding agent to a destination node at a network address specified in the 
payload of the packet. 

13. The method of claim 12, wherein the at least one forwarding agent blocks 
packets for which the network address does not meet the destination address 
criterion. 
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14. The method of claim 12, wherein the forwarding agent criterion is variable so as 
to include or exclude an address of the at least one forwarding agent 

15. A method of transmitting data packets in a source node of a packet data network, 
comprising establishing a packet data communication session with a destination 
node at a first network address via a network gateway such that the gateway 
applies a filter to the data packets of the communication session based on a 
destination address of the data packets, receiving an indication of a second 
network address of the destination node during the session, and transmitting 
subsequent packets within the session addressed to the second network address 
and containing the first network address in an extension header for containing 
information to be read by intermediate nodes between the source node and the 
destination node. 

16. A method of applying a destination address based filter at a network gateway to 
a packet data session between a source node and a destination node, wherein the 
destination node roams from a home address in a home network to a care-of 
address in a foreign network and sends a binding update to the source node so 
that the source node addresses subsequent packets in the session to the care-of 
address and places the home address in an extension header of the subsequent 
packets, the method comprising applying the destination address-based packet 
filter to the extension header of the subsequent packets. 

17. The method of claim 16, wherein the extension header is used by the destination 
node to restore the home address as the destination address of the subsequent 
packets. 

18. The method of claim 16, wherein the extension header is read by intermediate 
nodes between the source node and the destination node. 

19. A method of applying a destination address based packet filter at a network 
gateway to a packet data session between a source node and a destination node, 
wherein the source node roams from a home address in a home network to a 
care-of address in a foreign network having said network gateway, and sets up a 
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reverse tunnel to a home agent in the home network for forwarding packets to 
the destination node, the source node places the address of the destination node 
in an extension header of packets sent from the foreign network, and the 
network gateway applies the destination address filter to the extension header of 
the packets. 

20. A computer program for performing the method of any preceding claim. 

21. Apparatus arranged to perform the method of any of claims 1 to 19. 

22. A method substantially as herein described with reference to the accompanying 
drawings. 



